Lucene search

[email protected]CVE-2012-2144

HistoryJun 05, 2012 - 10:55 p.m.

CVE-2012-2144

2012-06-0522:55:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2012-2144

session fixation

openstack dashboard

horizon

folsom-1

2012.1

remote attackers

web sessions

sessionid cookie

6.4 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.03 Low

EPSS

Percentile

90.9%

JSON

Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie.

CPENameOperatorVersion
openstack:horizonopenstack horizoneq2012.1
openstack:horizonopenstack horizoneqfolsom-1

CPE	Name	Operator	Version
openstack:horizon	openstack horizon	eq	2012.1
openstack:horizon	openstack horizon	eq	folsom-1

References

lists.fedoraproject.org/pipermail/package-announce/2012-May/081173.html

secunia.com/advisories/49024

secunia.com/advisories/49071

ubuntu.com/usn/usn-1439-1

www.openwall.com/lists/oss-security/2012/05/05/1

www.osvdb.org/81741

www.securityfocus.com/bid/53399

bugs.launchpad.net/horizon/+bug/978896

exchange.xforce.ibmcloud.com/vulnerabilities/75423

github.com/openstack/horizon/commit/041b1c44c7d6cf5429505067c32f8f35166a8bab

6.4 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.03 Low

EPSS

Percentile

90.9%

JSON

Related for CVE-2012-2144

nessus2 openvas6 github1 prion1 fedora2 osv1 ubuntucve1 debiancve1 ubuntu1 securityvulns2